Help Search

Install Passbolt PRO on openSUSE 15

Prerequisites

For this tutorial, you will need:

  • A minimal openSUSE 15 server.

  • A domain / host name pointing to your server, or at least being able to reach your server through a static IP address.
  • a working SMTP server for email notifications
  • a working NTP service to avoid GPG authentication issues

The recommended server requirements are:

  • 2 cores
  • 2GB of RAM

FAQ pages:

Please note: It is important that you use a vanilla server with no other services or tools already installed on it. The install scripts could potentially damage any existing data on your server.

Pro tip: If you are going to manually provision SSL certificates you may want to do that before beginning!

Package repository setup

For easier installation and update tasks Passbolt provides a package repository that you need to setup before you download Passbolt PRO and install it.

Step 1. Download our dependencies installation script:

wget "https://download.passbolt.com/pro/installer/passbolt-repo-setup.pro.sh"

Step 2. Download our SHA512SUM for the installation script:

wget https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-pro-SHA512SUM.txt

Step 3. Ensure that the script is valid and execute it:

sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh  || echo \"Bad checksum. Aborting\" && rm -f passbolt-repo-setup.pro.sh

Install passbolt official linux package

sudo zypper install passbolt-pro-server

During the installation, you will be asked to accept passbolt GPG repository key. You must ensure the fingerprint is exactly the same as the one below:

  Repository:       Passbolt Server
  Key Fingerprint:  3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
  Key Name:         Passbolt SA package signing key <[email protected]>
  Key Algorithm:    RSA 2048

If the fingerprint matches, trust always by answering a to this question:

Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r):

Then, you will be asked for PHP repository GPG key, ensure the fingerprint is correct and trust it always:

  Repository:       php
  Key Fingerprint:  55CF 98B4 BB5B C6CC 2E24 748F 82EE 4011 CBCA 8BB5
  Key Name:         devel:languages:php OBS Project <devel:languages:[email protected]>
  Key Algorithm:    DSA 1024

Finally, verify and trust openSUSE PHP extensions repository GPG key:

  Repository:       php-extensions-x86_64
  Key Fingerprint:  A85C D7EF 5242 1152 9A7F 994A 9B41 A048 1AF1 B065
  Key Name:         server:php:extensions OBS Project <server:php:[email protected]>
  Key Algorithm:    RSA 2048

MariaDB / Nginx / SSL settings

Passbolt PRO RPM package on openSUSE 15 come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings.

You must prepare beforehand your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process.

Please, notice that for security matters we highly recommend to setup SSL to serve passbolt.

Launch passbolt-configure tool and answer to the questions:

sudo /usr/local/bin/passbolt-configure

MariaDB

================================================================
Do you want to configure a local mariadb server on this machine?
================================================================
1) yes
2) no
#?

Answer 1 for yes if you want to configure a local MariaDB database, otherwise 2 for no if you plan to use an existing one.

If you chose yes, answer the questions:

=======================================================
Please enter a new password for the root database user:
=======================================================
MariaDB Root Password: ****
MariaDB Root Password (verify): ****
======================================================
Please enter a name for the passbolt database username
======================================================
Passbolt database user name:passboltuser
=======================================================
Please enter a new password for the mysql passbolt user
=======================================================
MariaDB passbolt user password: ****
MariaDB passbolt user password (verify): ****
==============================================
Please enter a name for the passbolt database:
==============================================
Passbolt database name:passboltdb

Haveged

On virtualized environments GnuPG happen to find not enough entropy to generate a key. Therefore, Passbolt will not run properly.

You should consider to install Haveged to speed up the entropy generation. Please check our FAQ page about this for more informations.

==================
Install Haveged ?
==================
1) yes
2) no
#?

Nginx

Please enter the domain name under which passbolt will run.

Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates.

If you don’t have a domain name and you do not plan to use let’s encrypt please enter the ip address to access this machine.

=========
Hostname: passbolt.domain.tld
=========

SSL configuration

3 available choices for SSL configuration:

  • manual: Prompts for the path of user uploaded ssl certificates and set up nginx
  • auto: Will issue a free SSL certificate with https://www.letsencrypt.org and set up nginx
  • none: Do not setup HTTPS at all
==================
Setting up SSL...
==================
1) manual
2) auto
3) none
#?

If you choose 1, you will be prompted for the full path of your certificates:

Enter the path to the SSL certificate: /path/to/certs/cert.pem
Enter the path to the SSL privkey: /path/to/certs/key.pem

Nginx and MariaDB are now on the way to be configured. You will be notified at the end of the process to connect to the Passbolt web interface to finish the configuration.

===============================================================
Installation is almost complete. Please point your browser to
  https://passbolt.domain.tld to complete the process
===============================================================

2. Configure passbolt

Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt can be reached. You will reach a getting started page.

passbolt welcome page before configuration fig. passbolt welcome page before configuration

2.1. Healthcheck

The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on “Start configuration” when ready.

wizard - healthcheck fig. wizard - healthcheck

2.2. Subscription key

At this step, the wizard will ask you for your subscription key. You should have received it by email soon after your online purchase. Enter it in the box.

wizard - subscription key fig. wizard - subscription key

2.3. Database

This step is about telling passbolt which database to use. Enter the host name, port number, database name, username and password.

wizard - database fig. wizard - database

2.4. GPG key

In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to authenticate itself during the login handshake process.

Generate a key if you don’t have one.

wizard - generate a key pair fig. wizard - generate a key pair

Optional: Import a key if you already have one and you want your server to use it.

Do not set a passphrase or an expiration date The php-gnupg module does not support using passphrase at the moment. Make sure you do not set one. Similarly do not set an expiration date. Otherwise all your users will need to perform an account recovery when you will eventually need to update the key.

To create a new GnuPG key without passphrase:

gpg --batch --no-tty --gen-key <<EOF
  Key-Type: default
  Key-Length: 2048
  Subkey-Type: default
  Subkey-Length: 2048
  Name-Real: John Doe
  Name-Email: [email protected]
  Expire-Date: 0
  %no-protection
  %commit
EOF

Feel free to replace Name-Real and Name-Email with your own.

To display your new key:

gpg --armor --export-secret-keys [email protected]
wizard - import a key pair fig. wizard - import a key pair

2.5. Mail server (SMTP)

At this stage, the wizard will ask you to enter the details of your SMTP server.

wizard - smtp mail server details fig. wizard - smtp mail server details

You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter the email address at which you want the wizard to send you a test email and click on “Send test email”.

wizard - test smtp settings fig. wizard - test smtp settings

2.6. Preferences

The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated but you can also change them if you know what you are doing.

wizard - preferences fig. wizard - preferences

2.7. First user creation

You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.

wizard - first user fig. wizard - first user

2.8. Installation

That’s it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while the configuration process is going on.

wizard - installation fig. wizard - installation

Your user account is now created. You will see a redirection page for a few second and then will be redirected to the user setup process so that you can configure your user account.

wizard - completion and redirection fig. wizard - completion and redirection

3. Configure your administrator account

3.1. Download the plugin

Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the next step.

download the browser extension fig. download the browser extension

3.2. Create a new key

Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.

generate a key fig. generate a key

3.3. Download your recovery kit

This step is essential. Your key is the only way to access your account and passwords. If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase.

download the recovery kit fig. download the recovery kit

3.4. Define your security token

Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.

define your security token fig. define your security token

3.5. That’s it!

Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!

Last updated

This article was last updated on November 24th, 2021.

Are you experiencing issues with Passbolt Pro Edition?

Contact Pro support

or ask the community

Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

View on github
🍪   Do you accept cookies for statistical purposes? (Read more) Accept No thanks!